TrueCrypt alternative CipherShed is not dead - gHacks Tech News

TrueCrypt alternative CipherShed is not dead

CipherShed was one of a handful of TrueCrypt encryption software alternatives that emerged shortly after the developers of TrueCrypt dropped the software and development like a hot stone.

We reviewed the initial version of CipherShed back in 2014 when the development team released a first screenshot of the upcoming interface and revealed its plans.

The team released a pre-alpha version at the end of 2014 but no new version afterwards, and it is likely that many users who were interested in the project moved on to other projects such as VeryCrypt which offer similar functionality and are updated frequently.

CipherShed 0.7.4.0, the first non-alpha version of the application, was released in February 2016, more than year after the release of the initial pre-alpha version the team released.

ciphershed 0740
Release Date is wrong

You get a rebranded version of TrueCrypt more or less with CipherShed. That's not the only change though that went into the new build of the encryption software.

The team lists the following changes on the official website:

  • Mitigation of various buffer overflows
  • Address 100% CPU usage in boot loader (mostly relevant to VMs)
  • Address CVE-2015-7359: Local Elevation of Privilege on Windows caused by incorrect Impersonation Token Handling.
  • Address CVE-2015-7358 (critical): Local Elevation of Privilege on Windows by abusing drive letter handling.
  • Apache 2.0 is now our contributor license
  • Build process is a bit cleaner
  • Signatures are made in both SHA1 and SHA2 for verification on a wider variety of Windows
  • Code coverage is being implemented

CipherShed's development team fixed several of the security issues that were identified during TrueCrypt's audit. The roadmap lists this as a short-term audit response, but that is not really the case considering that it took more than 10 months to fix those issues.

The program is compatible with TrueCrypt containers and encryption formats, and it can be used as a direct replacement of the software even on systems where data that has been encrypted using TrueCrypt is already present.

As far as the future is concerned, one of the next big steps in development will be support for UEFI boat loaders which will enable users on Windows 8 and newer versions of Windows to use full disk encryption without having to switch boot platforms.

Plans to audit the source code and replace copyrighted code to allow CipherShed to be included in Linux distributions are other major steps the team plans to take in the future.

You can check out the project's roadmap on the official Wiki.

Closing Words

Most users who are still using TrueCrypt to protect their files or have already switched to one of the available alternatives wonder probably whether CipherShed is the right program for them.

Probably the main issue here is that it is unclear how fast development will progress from this point onward. While it is possible to use the program as is currently, projects like VeraCrypt are more active currently.

Now You: Which encryption software are you using currently?

Summary
TrueCrypt alternative CipherShed is not dead
Article Name
TrueCrypt alternative CipherShed is not dead
Description
CipherShed 0.7.4.0, the first non-alpha version of the application, was released in February 2016, more than year after the release of the initial pre-alpha version the team released.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. RG said on April 21, 2016 at 6:31 pm
    Reply

    Using 7.1a of TrueCrypt still. VeraCrypt was buggy when I last tested it and was unable to find a fix, it may have improved since but I am not sure.

  2. Kin said on April 21, 2016 at 6:36 pm
    Reply

    Gotta love the release date year we see in the About screenshot…

  3. Paranam Kid said on April 21, 2016 at 6:48 pm
    Reply

    VeraCrypt.

  4. Nebulus said on April 21, 2016 at 9:17 pm
    Reply

    If you are using anything other than TrueCrypt v7.1a, then you truly have no clue…

    1. Paranam Kid said on April 23, 2016 at 7:47 am
      Reply

      Or you don’t.

  5. Alan Robertson said on April 21, 2016 at 9:27 pm
    Reply

    The original Truecrypt passed the two stage audit with some minor problems that were fixed in Veracrypt, then it was audited by the German government, and finally Google’s zero day project which found issues with the mounted drives and again it was fixed in Veracrypt. There were no backdoors found in any of the audits. After the issues with the mounted drives I switched to Veracrypt and it works fine on Windows and Linux. These days I’m more Linux than Windows so I would really only use the container function as Luks is good enough for me.

    I can’t see any benefit of Ciphershed – it was slow at development and is trying to do exactly the same thing as Veracrypt. Perhaps if it took on a unique angle it might find its niche, however I’m afraid they have left things too late. Cross platform would be useful. What about an Android app?

  6. Tom Hawack said on April 22, 2016 at 12:48 am
    Reply

    TrueCrypt 7.1a because having nothing to hide there’s no point in using VeraCrypt :)
    Bah, I always remained skeptical about alleged TrueCrypt vulnerabilities. Strange story. But I may be mistaking. If I had highly confidential data I wouldn’t take the risk. But if anyone opened the vault they’d find no more than pictures, videos of Mrs. Xyz and myself playing mom & dad in a cheap hotel in the suburbs of Santa Cruz. Nothing really important.

    1. Wayfarer said on April 23, 2016 at 2:22 am
      Reply

      I concur. Always suspicious of TrueCrypt’s demise – paid off or scared off – one or the other I remain convinced. I still use Truecrypt 7.1a – if there are vulnerabilities I’m sceptical of answers such as Veracrypt and Ciphershed.

      1. Paranam Kid said on April 23, 2016 at 8:53 am
        Reply

        VeraCrypt is open source so any dubious code would get picked up immediately.

      2. wayfarer said on April 27, 2016 at 12:30 am
        Reply

        Also – I need a portable utility. Nothing but TrueCrypt seems to qualify. Kind of tempted to CypherShed to be honest. But no (obvious) portable app, plus it’s one of those downloads that seems to require a degree in computer science to complete….

  7. xuser said on April 22, 2016 at 3:06 pm
    Reply

    7.1a of TrueCrypt still

  8. TomasG said on April 22, 2016 at 4:04 pm
    Reply

    Unless you are a senior insider at some agency like NSA, CIA, KGB, MI6, etc. …. there isn’t a reliable method to verify which of the available encryption methods have already been compromised or not.

    In the absence of hard evidence, it might be better if we remain scattered – and continue to support a wide variety of encryption software methods. Theoretically, it makes life more complicated for the crypto-busters, and slows down their progress.

  9. clas said on April 23, 2016 at 2:13 pm
    Reply

    havent thought about encryption in a while. thanks for jogging my memory. i was impressed by comments on truecrypt 7.1a. even more impressed with grc comments : https://www.grc.com/misc/truecrypt/truecrypt.htm ….so grabbed a copy there along with the user guide. i dont hide any earth-shaking secrets but love to learn. am currently using safehouse explorer and have found that easy for day to day use on hard drives or flash. thanks again Martin for your info…and by the way, your use of English is getting so good its scary. haha

  10. Cloudwatcher said on April 25, 2016 at 8:58 pm
    Reply

    I found TrueCrypt 7.1a buggy to the point of unusability on Windows 10, where something seemed to be intefering with its ability to interact with Windows Explorer. It was all around buggy and crashed way more often than it did on Win 7 before I upgraded. It also failed to unmount volumes reliably, and I would come back from a reboot to find my encrypted volume still mounted and accessible.

    Tried VeraCrypt but the performance left me unimpressed. It took forever to mount volumes, and since I mount and unmount volumes multiple times in a session, this was huge for me. Plus, converting my large TrueCrypt volumes to VeraCrypt volumes (or copying over all the files) seemed like a time-consuming chore so I left it at the bottom of my list.

    CipherShed hit the sweet spot for me. Fast as TC, works with my existing volumes as they are, and all the bugginess is gone under Windows 10. This is the one I’ll be using for the forseeable future. If it’s not upgraded that often, so what? It works as is and it’s still more often than TrueCrypt!

    1. xeo said on May 12, 2016 at 8:14 pm
      Reply

      LoL, you are worried about security and privacy, yet you use windows 10, LoL, if i were you i would be more worried about windows 10

  11. AAA said on April 25, 2016 at 9:50 pm
    Reply

    I am a loyal fan of TrueCrypt, sorry. Those guys were genius, and even made MS come up with it’s own Bit-locker; which i don’t trust in at all to be honest.

  12. PhoneyVirus said on April 26, 2016 at 1:42 am
    Reply

    Typos UEFI boat loaders and as VeryCrypt

  13. webfork said on April 29, 2016 at 8:40 pm
    Reply

    License note: hopefully it’s just a case of needing to update the page but the wiki is still listing the license as to-be-determined: https://wiki.ciphershed.org/License Assuming that’s just an issue of delay, I’m very happy with an Apache license: it will keep the Linux people happy, allows commercial integration, and addresses software patents (as every open license should). By way of comparison, the main alternative project Veracrypt is also Apache 2.0 so presumably the two projects could borrow code from one another.

    Also — speaking of standards — I wish their wiki would use “MediaWiki” (used by Wikipedia) rather than “Moinmoin” but whatever.

  14. xargon said on May 7, 2016 at 10:06 am
    Reply

    VeraCrypt all the way…

  15. Dark Shadow said on August 6, 2016 at 11:07 pm
    Reply

    Ciphershed all the way because it just works

  16. J Schneier said on August 26, 2016 at 12:22 am
    Reply

    VeraCrypt – Because TrueCrypt died, and one of the main developers of Ciphershed works for the USA agency DISA.

    See: https://www.reddit.com/r/TrueCrypt/comments/2ru5xb/main_ciphershed_truecrypt_fork_developer_works/

    Do you really trust an employee of the USA Defense Information Systems Agency to secure your data?

    Then again. Maybe I work for DISA, and VeraCrypt is backdoored by us, so I’m pushing you away from CipherShed?
    – J S

  17. me said on December 2, 2016 at 5:13 pm
    Reply

    nahh
    they already cracked veracrypt long time ago
    and patched it by themselves
    and suprised that developers
    still do not know about it
    if the government
    seen the hole
    they wont told it to the developers
    if you are a good very good programmer
    if you did seen one…
    would you…
    i would search someone
    who wanted to pay to crack it
    ———-
    government forced to shutdown truecrypt
    because…
    until now they cant cracked it

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.